Re: How to re-lock ssh private key?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gordon Messmer wrote:
> I believe the documentation wasn't written because services were
> intended to be identical to ssh-agent.

The problem is that it is configured in very different ways than
ssh-agent.  So it requires it's own documentation.

And further, the services are a long way from identical. :)

> The "ssh-add" tool can still be used to add and remove identities,
> and has its own man page.

Sure, and I find that many of the things documented to work in the
ssh-add manpage do not work with the ssh agent provided by gnome
keyring.

Are you able to remove identities from the gnome provided agent?  I am
not.  Not with the -d or -D switch.

$ ssh-add -l
1024 61:34:65:0b:eb:cb:2b:83:cf:e2:3d:e9:9f:2f:c5:d3 id_dsa (DSA)
2048 27:c0:40:7c:f2:e5:4b:20:23:6b:19:2a:af:11:e7:6c id_rsa (RSA)

$ ssh-add -D
All identities removed.

$ ssh-add -l
1024 61:34:65:0b:eb:cb:2b:83:cf:e2:3d:e9:9f:2f:c5:d3 id_dsa (DSA)
2048 27:c0:40:7c:f2:e5:4b:20:23:6b:19:2a:af:11:e7:6c id_rsa (RSA)

Same for the -t option to have an identity expire, as well as the -x
option to lock the agent.  In the case of the -x option, ssh-add
prompts for a password to lock the agent and then reports "Agent
locked."  Yet the keys continue to be usable to login to remote
systems.

Unless I'm doing something very wrong (which is always a possible),
the gnome provided ssh agent is lacking a great many ways.

Perhaps worst of all, I have been unable to disable the gnome ssh
agent using the methods at http://live.gnome.org/GnomeKeyring/Ssh .
So what little documentation there is appears to be inaccurate. :(

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hell is paved with good samaritans.
    -- William M. Holden

Attachment: pgpK02YEXA6zH.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux